blob: 0e041c6311f970284014533e67c473875bba2c55 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
|
#!/bin/bash
##############################################################################
# Copyright (c) 2015 Ericsson AB and others.
# jose.lausuch@ericsson.com
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
set -o errexit
set -o nounset
set -o pipefail
usage() {
echo "usage: $0 [-v] -d <destination> -i <installer_type> -a <installer_ip> [-o <os_cacert>] [-s <ssh_key>]" >&2
echo "[-v] Virtualized deployment" >&2
echo "[-s <ssh_key>] Path to ssh key. For MCP deployments only" >&2
}
info () {
logger -s -t "fetch_os_creds.info" "$*"
}
error () {
logger -s -t "fetch_os_creds.error" "$*"
exit 1
}
verify_connectivity() {
local ip=$1
info "Verifying connectivity to $ip..."
for i in $(seq 0 10); do
if ping -c 1 -W 1 $ip > /dev/null; then
info "$ip is reachable!"
return 0
fi
sleep 1
done
error "Can not talk to $ip."
}
swap_to_public() {
if [ "$1" != "" ]; then
info "Exchanging keystone public IP in rc file to $public_ip"
sed -i "/OS_AUTH_URL/c\export OS_AUTH_URL=\'$public_ip'" $dest_path
sed -i 's/internalURL/publicURL/g' $dest_path
fi
}
: ${DEPLOY_TYPE:=''}
#Get options
while getopts ":d:i:a:h:s:o:v" optchar; do
case "${optchar}" in
d) dest_path=${OPTARG} ;;
i) installer_type=${OPTARG} ;;
a) installer_ip=${OPTARG} ;;
s) ssh_key=${OPTARG} ;;
o) os_cacert=${OPTARG} ;;
v) DEPLOY_TYPE="virt" ;;
*) echo "Non-option argument: '-${OPTARG}'" >&2
usage
exit 2
;;
esac
done
# set vars from env if not provided by user as options
dest_path=${dest_path:-$HOME/opnfv-openrc.sh}
os_cacert=${os_cacert:-$HOME/os_cacert}
installer_type=${installer_type:-$INSTALLER_TYPE}
installer_ip=${installer_ip:-$INSTALLER_IP}
if [ -z $dest_path ] || [ -z $installer_type ] || [ -z $installer_ip ]; then
usage
exit 2
fi
# Checking if destination path is valid
if [ -d $dest_path ]; then
error "Please provide the full destination path for the credentials file including the filename"
else
# Check if we can create the file (e.g. path is correct)
touch $dest_path || error "Cannot create the file specified. Check that the path is correct and run the script again."
fi
ssh_options="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
# Start fetching the files
info "Fetching rc file..."
if [ "$installer_type" == "fuel" ]; then
verify_connectivity "${installer_ip}"
# stable/danube uses old Fuel, requires user/pass; new Fuel uses keypair
if [[ ! "${BRANCH}" =~ "danube" ]]; then
ssh_user="ubuntu"
ssh_key="${ssh_key:-$SSH_KEY}"
if [ -z "$ssh_key" ] || [ ! -f "$ssh_key" ]; then
error "Please provide path to existing ssh key for mcp deployment."
exit 2
fi
ssh_options+=" -i ${ssh_key}"
# retrieving controller vip
controller_ip=$(ssh 2>/dev/null ${ssh_options} "${ssh_user}@${installer_ip}" \
"sudo salt --out yaml 'ctl*' pillar.get _param:openstack_control_address | \
awk '{print \$2; exit}'") &> /dev/null
info "... from controller ${controller_ip} ..."
ssh ${ssh_options} "${ssh_user}@${controller_ip}" \
"sudo cat /root/keystonercv3" > "${dest_path}"
if [[ ! "${BUILD_TAG}" =~ 'virtual' ]]; then
ssh ${ssh_options} "${ssh_user}@${installer_ip}" \
"cat /etc/ssl/certs/os_cacert" > "${os_cacert}"
fi
else
env=$(sshpass -p r00tme ssh 2>/dev/null ${ssh_options} root@${installer_ip} \
'fuel env'|grep operational|head -1|awk '{print $1}') &> /dev/null
if [ -z $env ]; then
error "No operational environment detected in Fuel"
fi
env_id="${FUEL_ENV:-$env}"
# Check if controller is alive (online='True')
controller_ip=$(sshpass -p r00tme ssh 2>/dev/null ${ssh_options} root@${installer_ip} \
"fuel node --env ${env_id} | grep controller | grep 'True\| 1' | awk -F\| '{print \$5}' | head -1" | \
sed 's/ //g') &> /dev/null
if [ -z $controller_ip ]; then
error "The controller $controller_ip is not up. Please check that the POD is correctly deployed."
fi
info "... from controller $controller_ip..."
sshpass -p r00tme ssh 2>/dev/null ${ssh_options} root@${installer_ip} \
"scp ${ssh_options} ${controller_ip}:/root/openrc ." &> /dev/null
sshpass -p r00tme scp 2>/dev/null ${ssh_options} root@${installer_ip}:~/openrc $dest_path &> /dev/null
fi
#convert to v3 URL
auth_url=$(cat $dest_path|grep AUTH_URL)
if [[ -z `echo $auth_url |grep v3` ]]; then
auth_url=$(echo $auth_url |sed "s|'$|v3&|")
fi
sed -i '/AUTH_URL/d' $dest_path
echo $auth_url >> $dest_path
elif [ "$installer_type" == "apex" ]; then
if [ -n "$RC_FILE_PATH" ]; then
echo "RC_FILE_PATH is set: ${RC_FILE_PATH}. Copying RC FILE to ${dest_path}"
sudo cp -f ${RC_FILE_PATH} ${dest_path}
else
if ! ipcalc -c $installer_ip; then
installer_ip=$(sudo virsh domifaddr undercloud | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
if [ -z "$installer_ip" ] || ! $(ipcalc -c $installer_ip); then
echo "Unable to find valid IP for Apex undercloud: ${installer_ip}"
exit 1
fi
fi
verify_connectivity $installer_ip
# The credentials file is located in the Instack VM (192.0.2.1)
# NOTE: This might change for bare metal deployments
info "... from Instack VM $installer_ip..."
if [ -f /root/.ssh/id_rsa ]; then
chmod 600 /root/.ssh/id_rsa
fi
if [ "${BRANCH}" == "stable/fraser" ]; then
rc_file=overcloudrc.v3
else
rc_file=overcloudrc
fi
sudo scp $ssh_options root@$installer_ip:/home/stack/${rc_file} $dest_path
fi
elif [ "$installer_type" == "compass" ]; then
if [ "${BRANCH}" == "stable/danube" ]; then
verify_connectivity $installer_ip
controller_ip=$(sshpass -p'root' ssh 2>/dev/null $ssh_options root@${installer_ip} \
'mysql -ucompass -pcompass -Dcompass -e"select * from cluster;"' \
| awk -F"," '{for(i=1;i<NF;i++)if($i~/\"127.0.0.1\"/) {print $(i+2);break;}}' \
| grep -oP "\d+.\d+.\d+.\d+")
if [ -z $controller_ip ]; then
error "The controller $controller_ip is not up. Please check that the POD is correctly deployed."
fi
info "... from controller $controller_ip..."
sshpass -p root ssh 2>/dev/null $ssh_options root@${installer_ip} \
"scp $ssh_options ${controller_ip}:/opt/admin-openrc.sh ." &> /dev/null
sshpass -p root scp 2>/dev/null $ssh_options root@${installer_ip}:~/admin-openrc.sh $dest_path &> /dev/null
info "This file contains the mgmt keystone API, we need the public one for our rc file"
if grep "OS_AUTH_URL.*v2" $dest_path > /dev/null 2>&1 ; then
public_ip=$(sshpass -p root ssh $ssh_options root@${installer_ip} \
"ssh ${controller_ip} 'source /opt/admin-openrc.sh; openstack endpoint show identity '" \
| grep publicurl | awk '{print $4}')
else
public_ip=$(sshpass -p root ssh $ssh_options root@${installer_ip} \
"ssh ${controller_ip} 'source /opt/admin-openrc.sh; \
openstack endpoint list --interface public --service identity '" \
| grep identity | awk '{print $14}')
fi
info "public_ip: $public_ip"
swap_to_public $public_ip
else
sudo docker cp compass-tasks:/opt/openrc $dest_path &> /dev/null
sudo chown $(whoami):$(whoami) $dest_path
sudo docker cp compass-tasks:/opt/os_cacert $os_cacert
fi
elif [ "$installer_type" == "joid" ]; then
# do nothing...for the moment
# we can either do a scp from the jumphost or use the -v option to transmit the param to the docker file
info "Do nothing, creds will be provided through volume option at docker creation for joid"
elif [ "$installer_type" == "foreman" ]; then
#ip_foreman="172.30.10.73"
controller="oscontroller1.opnfv.com"
verify_connectivity $installer_ip
# Check if controller is alive (here is more difficult to get the ip from a command like "fuel node")
sshpass -p vagrant ssh $ssh_options root@${installer_ip} \
"sshpass -p Op3nStack ssh $ssh_options root@${controller} 'ls'" &> /dev/null
if [ $? -ne 0 ]; then
error "The controller ${controller} is not up. Please check that the POD is correctly deployed."
fi
info "Fetching openrc from a Foreman Controller '${controller}'..."
sshpass -p vagrant ssh $ssh_options root@${installer_ip} \
"sshpass -p Op3nStack scp $ssh_options root@${controller}:~/keystonerc_admin ." &> /dev/null
sshpass -p vagrant scp $ssh_options root@${installer_ip}:~/keystonerc_admin $dest_path &> /dev/null
#This file contains the mgmt keystone API, we need the public one for our rc file
admin_ip=$(cat $dest_path | grep "OS_AUTH_URL" | sed 's/^.*\=//' | sed "s/^\([\"']\)\(.*\)\1\$/\2/g" | sed s'/\/$//')
public_ip=$(sshpass -p vagrant ssh $ssh_options root@${installer_ip} \
"sshpass -p Op3nStack ssh $ssh_options root@${controller} \
'source keystonerc_admin;keystone endpoint-list'" \
| grep $admin_ip | sed 's/ /\n/g' | grep ^http | head -1) &> /dev/null
elif [ "$installer_type" == "daisy" ]; then
verify_connectivity $installer_ip
cluster=$(sshpass -p r00tme ssh 2>/dev/null $ssh_options root@${installer_ip} \
"source ~/daisyrc_admin; daisy cluster-list"|grep active|head -1|awk -F "|" '{print $3}') &> /dev/null
if [ -z $cluster ]; then
echo "No active cluster detected in daisy"
exit 1
fi
sshpass -p r00tme scp 2>/dev/null $ssh_options root@${installer_ip}:/etc/kolla/admin-openrc.sh $dest_path &> /dev/null
elif ["$installer_type" == "osa"]; then
# Get RC file from control server
filename=$(ssh -o StrictHostKeyChecking=no root@${controller_ip} find /var/lib/lxc/controller00_nova_api_placement_container-* -name openrc)
scp root@${controller_ip}:${filename} ${destpath}
else
error "Installer $installer is not supported by this script"
fi
if [ ! -f $dest_path ]; then
error "There has been an error retrieving the credentials"
fi
echo "-------- Credentials: --------"
cat $dest_path
|